--- loncom/auth/lonroles.pm 2008/07/30 15:34:34 1.203 +++ loncom/auth/lonroles.pm 2010/01/06 22:40:26 1.240.2.8 @@ -1,7 +1,7 @@ # The LearningOnline Network with CAPA # User Roles Screen # -# $Id: lonroles.pm,v 1.203 2008/07/30 15:34:34 raeburn Exp $ +# $Id: lonroles.pm,v 1.240.2.8 2010/01/06 22:40:26 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # @@ -27,6 +27,103 @@ # ### +=pod + +=head1 NAME + +Apache::lonroles - User Roles Screen + +=head1 SYNOPSIS + +Invoked by /etc/httpd/conf/srm.conf: + + + PerlAccessHandler Apache::lonacc + SetHandler perl-script + PerlHandler Apache::lonroles + ErrorDocument 403 /adm/login + ErrorDocument 500 /adm/errorhandler + + +=head1 OVERVIEW + +=head2 Choosing Roles + +C is a handler that allows a user to switch roles in +mid-session. LON-CAPA attempts to work with "No Role Specified", the +default role that a user has before selecting a role, as widely as +possible, but certain handlers for example need specification which +course they should act on, etc. Both in this scenario, and when the +handler determines via C's C<&allowed> function that a certain +action is not allowed, C is used as error handler. This +allows the user to select another role which may have permission to do +what they were trying to do. C can also be accessed via the +B button in the Remote Control. + +=begin latex + +\begin{figure} +\begin{center} +\includegraphics[width=0.45\paperwidth,keepaspectratio]{Sample_Roles_Screen} + \caption{\label{Sample_Roles_Screen}Sample Roles Screen} +\end{center} +\end{figure} + +=end latex + +=head2 Role Initialization + +The privileges for a user are established at login time and stored in the session environment. As a consequence, a new role does not become active till the next login. Handlers are able to query for privileges using C's C<&allowed> function. When a user first logs in, their role is the "common" role, which means that they have the sum of all of their privileges. During a session it might become necessary to choose a particular role, which as a consequence also limits the user to only the privileges in that particular role. + +=head1 INTRODUCTION + +This module enables a user to select what role he wishes to +operate under (instructor, student, teaching assistant, course +coordinator, etc). These roles are pre-established by the actions +of upper-level users. + +This is part of the LearningOnline Network with CAPA project +described at http://www.lon-capa.org. + +=head1 HANDLER SUBROUTINE + +This routine is called by Apache and mod_perl. + +=over 4 + +=item * + +Roles Initialization (yes/no) + +=item * + +Get Error Message from Environment + +=item * + +Who is this? + +=item * + +Generate Page Output + +=item * + +Choice or no choice + +=item * + +Table + +=item * + +Privileges + +=back + +=cut + + package Apache::lonroles; use strict; @@ -41,6 +138,7 @@ use Apache::lonannounce; use Apache::lonlocal; use Apache::lonpageflip(); use Apache::lonnavdisplay(); +use Apache::lonmainmenu(); use GDBM_File; use LONCAPA qw(:DEFAULT :match); use HTML::Entities; @@ -60,8 +158,14 @@ sub redirect_user { } else { $navwindow.=&Apache::lonnavmaps::close(); } + + # Breadcrumbs + my $brcrum = [{'href' => $url, + 'text' => 'Switching Role'},]; my $start_page = &Apache::loncommon::start_page('Switching Role',undef, - {'redirect' => [1,$url],}); + {'redirect' => [1,$url], + 'bread_crumbs' => $brcrum,}); + &Apache::lonhtmlcommon::clear_breadcrumbs(); my $end_page = &Apache::loncommon::end_page(); # Note to style police: @@ -70,10 +174,12 @@ sub redirect_user { $r->print(< +// $navwindow -

$msg

+

$msg

$end_page ENDREDIR return; @@ -85,13 +191,25 @@ sub error_page { &Apache::loncommon::no_cache($r); $r->send_http_header; return OK if $r->header_only; - $r->print(&Apache::loncommon::start_page('Problems during Course Initialization'). - ''. - '

'.&mt('The following problems occurred:'). + # Breadcrumbs + my $brcrum = [{'href' => $dest, + 'text' => 'Problems during Course Initialization'},]; + $r->print(&Apache::loncommon::start_page('Problems during Course Initialization', + undef, + {'bread_crumbs' => $brcrum,}) + ); + $r->print( + ''. + '

'.&mt('The following problems occurred:'). + '
'. $error. - '


'.&mt('Continue').''. - &Apache::loncommon::end_page()); + '


'.&mt('Continue').'' + ); + $r->print(&Apache::loncommon::end_page()); } sub handler { @@ -100,10 +218,15 @@ sub handler { my $now=time; my $then=$env{'user.login.time'}; + my $refresh=$env{'user.refresh.time'}; + if (!$refresh) { + $refresh = $then; + } my $envkey; my %dcroles = (); my $numdc = &check_fordc(\%dcroles,$then); &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'}); + my $custommenu = &Apache::loncommon::needs_gci_custom(); # ================================================================== Roles Init if ($env{'form.selectrole'}) { @@ -118,7 +241,7 @@ sub handler { # Check if user is CC trying to select a course role if ($env{'form.switchrole'}) { if (!defined($env{'user.role.'.$env{'form.switchrole'}})) { - &adhoc_course_role($then); + &adhoc_course_role($refresh,$then); } } my %temp=('logout_'.$env{'request.course.id'} => time); @@ -135,28 +258,53 @@ sub handler { # Check if user is a DC trying to enter a course or author space and needs privs to be created if ($numdc > 0) { foreach my $envkey (keys %env) { -# Is this an ad-hoc CC-role? - if (my ($domain,$coursenum) = - ($envkey =~ m-^form\.cc\./($match_domain)/($match_courseid)$-)) { +# Is this an ad-hoc Coordinator role? + if (my ($ccrole,$domain,$coursenum) = + ($envkey =~ m-^form\.(cc|co)\./($match_domain)/($match_courseid)$-)) { if ($dcroles{$domain}) { - &check_privs($domain,$coursenum,$then,$now,'cc'); + &Apache::lonnet::check_adhoc_privs($domain,$coursenum, + $then,$refresh,$now,$ccrole); } last; } # Is this an ad-hoc CA-role? if (my ($domain,$user) = ($envkey =~ m-^form\.ca\./($match_domain)/($match_username)$-)) { - # Check if author blocked ca-access + if (($domain eq $env{'user.domain'}) && ($user eq $env{'user.name'})) { + delete($env{$envkey}); + $env{'form.au./'.$domain.'/'} = 1; + my ($server_status,$home) = &check_author_homeserver($user,$domain); + if ($server_status eq 'switchserver') { + my $trolecode = 'au./'.$domain.'/'; + my $switchserver = '/adm/switchserver?otherserver='.$home.'&role='.$trolecode; + $r->internal_redirect($switchserver); + } + last; + } + if (my ($castart,$caend) = ($env{'user.role.ca./'.$domain.'/'.$user} =~ /^(\d*)\.(\d*)$/)) { + if (((($castart) && ($castart < $now)) || !$castart) && + ((!$caend) || (($caend) && ($caend > $now)))) { + my ($server_status,$home) = &check_author_homeserver($user,$domain); + if ($server_status eq 'switchserver') { + my $trolecode = 'ca./'.$domain.'/'.$user; + my $switchserver = '/adm/switchserver?otherserver='.$home.'&role='.$trolecode; + $r->internal_redirect($switchserver); + } + last; + } + } + # Check if author blocked ca-access my %blocked=&Apache::lonnet::get('environment',['domcoord.author'],$domain,$user); if ($blocked{'domcoord.author'} eq 'blocked') { - delete($env{$envkey}); - $env{'user.error.msg'}=':::1:User '.$user.' in domain '.$domain.' blocked domain coordinator access'; - last; + delete($env{$envkey}); + $env{'user.error.msg'}=':::1:User '.$user.' in domain '.$domain.' blocked domain coordinator access'; + last; } if ($dcroles{$domain}) { my ($server_status,$home) = &check_author_homeserver($user,$domain); if (($server_status eq 'ok') || ($server_status eq 'switchserver')) { - &check_privs($domain,$user,$then,$now,'ca'); + &Apache::lonnet::check_adhoc_privs($domain,$user,$then, + $refresh,$now,'ca'); if ($server_status eq 'switchserver') { my $trolecode = 'ca./'.$domain.'/'.$user; my $switchserver = '/adm/switchserver?' @@ -173,11 +321,14 @@ sub handler { } } } - + if (($env{'form.cm'}) && ($env{'form.orgurl'})) { + $r->internal_redirect($env{'form.orgurl'}); + } foreach $envkey (keys %env) { next if ($envkey!~/^user\.role\./); my ($where,$trolecode,$role,$tstatus,$tend,$tstart); - &role_status($envkey,$then,$now,\$role,\$where,\$trolecode,\$tstatus,\$tstart,\$tend); + &Apache::lonnet::role_status($envkey,$then,$refresh,$now,\$role,\$where, + \$trolecode,\$tstatus,\$tstart,\$tend); if ($env{'form.'.$trolecode}) { if ($tstatus eq 'is') { $where=~s/^\///; @@ -229,8 +380,11 @@ sub handler { $cdom,$cnum, $env{'user.domain'}, $env{'user.name'}, - 'Assigned from '.$ENV{'REMOTE_ADDR'}.' at '.localtime().' for '. - $trolecode); + &mt('Assigned from [_1] at [_2] for [_3]' + ,$ENV{'REMOTE_ADDR'} + ,&Apache::lonlocal::locallocaltime() + ,$trolecode) + ); unless ($assignresult eq 'ok') { $assignresult=~s/^error\:\s*//; $message=&mt($assignresult). @@ -241,12 +395,14 @@ sub handler { $r->print(< +// -
+ -$message
+$message
$end_page @@ -264,9 +420,11 @@ ENDENTEREDKEY $r->print(< +// -
+ @@ -292,13 +450,21 @@ ENDENTERKEY if (($cnum) && ($role ne 'ca') && ($role ne 'aa')) { my $msg; + if (&Apache::lonnet::allowed('adv') eq 'F') { $tadv=1; } + &Apache::lonnet::appenv({'request.role.adv'=>$tadv}); my ($furl,$ferr)= &Apache::lonuserstate::readmap($cdom.'/'.$cnum); if (($env{'form.orgurl'}) && ($env{'form.orgurl'}!~/^\/adm\/flip/)) { my $dest=$env{'form.orgurl'}; - if (&Apache::lonnet::allowed('adv') eq 'F') { $tadv=1; } - &Apache::lonnet::appenv({'request.role.adv'=>$tadv}); + if ($env{'form.symb'}) { + if ($dest =~ /\?/) { + $dest .= '&'; + } else { + $dest .= '?' + } + $dest .= 'symb='.$env{'form.symb'}; + } if (($ferr) && ($tadv)) { &error_page($r,$ferr,$dest); } else { @@ -310,14 +476,13 @@ ENDENTERKEY &Apache::lonnet::appenv( {"request.course.id" => $cdom.'_'.$cnum}); $furl='/adm/roles?tryagain=1'; - $msg= - '

'. - &mt('Could not initialize [_1] at this time.', - $env{'course.'.$cdom.'_'.$cnum.'.description'}). - '

'.&mt('Please try again.').'

'.$ferr; + $msg='

' + .&mt('Could not initialize [_1] at this time.', + $env{'course.'.$cdom.'_'.$cnum.'.description'}) + .'

' + .'

'.&mt('Please try again.').'

' + .'

'.$ferr.'

'; } - if (&Apache::lonnet::allowed('adv') eq 'F') { $tadv=1; } - &Apache::lonnet::appenv({'request.role.adv'=>$tadv}); if (($ferr) && ($tadv)) { &error_page($r,$ferr,$furl); @@ -329,8 +494,8 @@ ENDENTERKEY $courseid = substr($courseid, 1); } $courseid =~ s/\//_/; - if ($role eq 'cc' && $env{'course.' . $courseid . - '.course.helper.not.run'}) { + if (($cdom ne 'gcitest') && (($role eq 'cc') || ($role eq 'co')) + && ($env{'course.' . $courseid .'.course.helper.not.run'})) { $furl = "/adm/helper/course.initialization.helper"; # Send the user to the course they selected } elsif ($env{'request.course.id'}) { @@ -353,8 +518,8 @@ ENDENTERKEY .$env{'request.course.sec'}) ) { my $startpage = &courseloadpage($courseid); - unless ($startpage eq 'firstres') { - $msg = &mt('Entering [_1] ....', + unless (($startpage eq 'firstres') || ($cdom eq 'gcitest')) { + $msg = &mt('Entering [_1] ...', $env{'course.'.$courseid.'.description'}); &redirect_user($r,&mt('New in course'), '/adm/whatsnew?refpage=start',$msg, @@ -368,6 +533,9 @@ ENDENTERKEY # Guess not ... $furl=&Apache::lonpageflip::first_accessible_resource(); } + if (($cdom eq 'gcitest') && ($custommenu)) { + $furl = '/adm/navmaps'; + } $msg = &mt('Entering [_1] ...', $env{'course.'.$courseid.'.description'}); &redirect_user($r,&mt('Entering [_1]', @@ -399,12 +567,17 @@ ENDENTERKEY $redirect_url); return OK; } + if ($role eq 'sc') { + my $redirect_url = '/adm/grades?command=scantronupload'; + &redirect_user($r,&mt('Loading Data Upload Page'), + $redirect_url); + return OK; + } } } } } - # =============================================================== No Roles Init &Apache::loncommon::content_type($r,'text/html'); @@ -412,19 +585,41 @@ ENDENTERKEY $r->send_http_header; return OK if $r->header_only; - my $swinfo=&Apache::lonmenu::rawconfig(); - my $start_page=&Apache::loncommon::start_page('User Roles'); - my $standby=&mt('Role selected. Please stand by.'); - $standby=~s/\n/\\n/g; + my ($crumbtext,$pagetitle,$recent,$show_course); my $noscript=''.&mt('Use of LON-CAPA requires Javascript to be enabled in your web browser.').'
'.&mt('As this is not the case, most functionality in the system will be unavailable.').'
'; - - $r->print(< 1}); + $r->print(<<"ENDCUSTOM"); +$start_page +
+ +ENDCUSTOM + } else { + $crumbtext = 'User Roles'; + $pagetitle = 'My Roles'; + $recent = &mt('Recent Roles'); + $show_course=&Apache::loncommon::show_course(); + if ($show_course) { + $crumbtext = 'Courses'; + $pagetitle = 'My Courses'; + $recent = &mt('Recent Courses'); + } + my $brcrum =[{href=>"/adm/roles",text=>$crumbtext}]; + my $swinfo=&Apache::lonmenu::rawconfig(); + my $start_page=&Apache::loncommon::start_page($pagetitle,undef,{bread_crumbs=>$brcrum}); + my $standby=&mt('Role selected. Please stand by.'); + $standby=~s/\n/\\n/g; + $r->print(< ENDHEADER + } # ------------------------------------------ Get Error Message from Environment @@ -457,6 +654,8 @@ ENDHEADER my $advanced=$env{'user.adv'}; &Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['tryagain']); my $tryagain=$env{'form.tryagain'}; + my $reinit=$env{'user.reinit'}; + delete $env{'user.reinit'}; # -------------------------------------------------------- Generate Page Output # --------------------------------------------------------------- Error Header? @@ -486,10 +685,17 @@ ENDHEADER &Apache::lonenc::check_encrypt($fn)); } else { if ($env{'user.error.msg'}) { - $r->print( + if ($reinit) { + $r->print( '

'. - &mt('You need to choose another user role or enter a specific course for this function').'

'); - } + &mt('As your session file for the course or community has expired, you will need to re-select it.').''); + } else { + $r->print( + '

'. + &mt('You need to choose another user role or enter a specific course or community for this function.'). + '

'); + } + } } # -------------------------------------------------------- Choice or no choice? if ($nochoose) { @@ -501,198 +707,96 @@ ENDHEADER if (($ENV{'REDIRECT_QUERY_STRING'}) && ($fn)) { $fn.='?'.$ENV{'REDIRECT_QUERY_STRING'}; } - $r->print(''); - $r->print(''); - $r->print(''); - $r->print(''); - } - my (%roletext,%sortrole,%roleclass); - my $countactive=0; - my $countfuture=0; - my $countwill=0; - my $inrole=0; - my $possiblerole=''; - my %futureroles; - my %roles_nextlogin; - foreach $envkey (sort keys %env) { - my $button = 1; - my $switchserver=''; - my $roletext; - my $sortkey; - if ($envkey=~/^user\.role\./) { - my ($role,$where,$trolecode,$tstart,$tend,$tremark,$tstatus,$tpstart,$tpend,$tfont); - &role_status($envkey,$then,$now,\$role,\$where,\$trolecode,\$tstatus,\$tstart,\$tend); - next if (!defined($role) || $role eq '' || $role =~ /^gr/); - $tremark=''; - $tpstart=' '; - $tpend=' '; - $tfont='#000000'; - if ($tstart) { - $tpstart=&Apache::lonlocal::locallocaltime($tstart); - } - if ($tend) { - $tpend=&Apache::lonlocal::locallocaltime($tend); - } - if ($env{'request.role'} eq $trolecode) { - $tstatus='selected'; + unless ($custommenu) { + $r->print(''); + $r->print(''); + $r->print(''); + $r->print(''); + } + } + + my (%roletext,%sortrole,%roleclass,%futureroles,%timezones); + my ($countactive,$countfuture,$inrole,$possiblerole) = + &gather_roles($then,$refresh,$now,$reinit,$nochoose,\%roletext,\%sortrole,\%roleclass, + \%futureroles,\%timezones); + + $refresh = $now; + &Apache::lonnet::appenv({'user.refresh.time' => $refresh}); + if ($custommenu) { + if ($env{'form.destinationurl'} eq '/adm/gci_info') { + $r->print(&gci_info_page()). + &Apache::loncommon::end_page(); + return OK; + } + my %courses = &Apache::loncommon::existing_gcitest_courses('cc'); + $env{'browser.interface'}='faketextual'; + $env{'environment.remote'}='off'; + my $numcourses = keys(%courses); + my $switcher; + if ($numcourses > 0) { + $switcher = &Apache::lonmainmenu::gcitest_switcher(%courses); + my $current; + if ($env{'request.course.id'}) { + $current = 'cc./'.$env{'course.'.$env{'request.course.id'}.'.domain'}. + '/'.$env{'course.'.$env{'request.course.id'}.'.num'}; } - my $tbg; - if (($tstatus eq 'is') - || ($tstatus eq 'selected') - || ($tstatus eq 'will') - || ($tstatus eq 'future') - || ($env{'form.showall'})) { - if ($tstatus eq 'is') { - $tbg='#77FF77'; - $tfont='#003300'; - $possiblerole=$trolecode; - $countactive++; - } elsif ($tstatus eq 'future') { - $tbg='#FFFF77'; - $button=0; - $futureroles{$trolecode} = $tstart.':'.$tend; - $countfuture ++; - } elsif ($tstatus eq 'will') { - $tbg='#FFAA77'; - $tremark.=&mt('Active at next login. '); - $roles_nextlogin{$trolecode} = $tstart.':'.$tend; - $countwill ++; - } elsif ($tstatus eq 'expired') { - $tbg='#FF7777'; - $tfont='#330000'; - $button=0; - } elsif ($tstatus eq 'will_not') { - $tbg='#AAFF77'; - $tremark.=&mt('Expired after logout. '); - } elsif ($tstatus eq 'selected') { - $tbg='#11CC55'; - $tfont='#002200'; - $inrole=1; - $countactive++; - $tremark.=&mt('Currently selected. '); - } - my $trole; - if ($role =~ /^cr\//) { - my ($rdummy,$rdomain,$rauthor,$rrole)=split(/\//,$role); - if ($tremark) { $tremark.='
'; } - $tremark.=&mt('Defined by ').$rauthor. - &mt(' at ').$rdomain.'.'; - } - $trole=Apache::lonnet::plaintext($role); - my $ttype; - my $twhere; - my ($tdom,$trest,$tsection)= - split(/\//,Apache::lonnet::declutter($where)); - # First, Co-Authorship roles - if (($role eq 'ca') || ($role eq 'aa')) { - my $home = &Apache::lonnet::homeserver($trest,$tdom); - my $allowed=0; - my @ids=&Apache::lonnet::current_machine_ids(); - foreach my $id (@ids) { if ($id eq $home) { $allowed=1; } } - if (!$allowed) { - $button=0; - $switchserver='otherserver='.$home.'&role='.$trolecode; - } - #next if ($home eq 'no_host'); - $home = &Apache::lonnet::hostname($home); - $ttype='Construction Space'; - $twhere=&mt('User').': '.$trest.'
'.&mt('Domain'). - ': '.$tdom.'
'. - ' '.&mt('Server').': '.$home; - $env{'course.'.$tdom.'_'.$trest.'.description'}='ca'; - $tremark.=&Apache::lonhtmlcommon::authorbombs('/res/'.$tdom.'/'.$trest.'/'); - $sortkey=$role."$trest:$tdom"; - } elsif ($role eq 'au') { - # Authors - my $home = &Apache::lonnet::homeserver - ($env{'user.name'},$env{'user.domain'}); - my $allowed=0; - my @ids=&Apache::lonnet::current_machine_ids(); - foreach my $id (@ids) { if ($id eq $home) { $allowed=1; } } - if (!$allowed) { - $button=0; - $switchserver='otherserver='.$home.'&role='.$trolecode; - } - #next if ($home eq 'no_host'); - $home = &Apache::lonnet::hostname($home); - $ttype='Construction Space'; - $twhere=&mt('Domain').': '.$tdom.'
'.&mt('Server'). - ': '.$home; - $env{'course.'.$tdom.'_'.$trest.'.description'}='ca'; - $tremark.=&Apache::lonhtmlcommon::authorbombs('/res/'.$tdom.'/'.$env{'user.name'}.'/'); - $sortkey=$role; - } elsif ($trest) { - my $tcourseid=$tdom.'_'.$trest; - $ttype = &Apache::loncommon::course_type($tcourseid); - $trole = &Apache::lonnet::plaintext($role,$ttype); - if ($env{'course.'.$tcourseid.'.description'}) { - $twhere=$env{'course.'.$tcourseid.'.description'}; - $sortkey=$role."\0".$tdom."\0".$twhere."\0".$envkey; - unless ($twhere eq &mt('Currently not available')) { - $twhere.=' '. - &Apache::loncommon::syllabuswrapper(&mt('Syllabus'),$trest,$tdom,$tfont). - ''; - } - } else { - my %newhash=&Apache::lonnet::coursedescription($tcourseid); - if (%newhash) { - $sortkey=$role."\0".$tdom."\0".$newhash{'description'}. - "\0".$envkey; - $twhere=$newhash{'description'}. - ' '. - &Apache::loncommon::syllabuswrapper(&mt('Syllabus'),$trest,$tdom,$tfont). - ''; - $ttype = $newhash{'type'}; - $trole = &Apache::lonnet::plaintext($role,$ttype); - } else { - $twhere=&mt('Currently not available'); - $env{'course.'.$tcourseid.'.description'}=$twhere; - $sortkey=$role."\0".$tdom."\0".$twhere."\0".$envkey; - $ttype = 'Unavailable'; - } - } - if ($tsection) { - $twhere.='
'.&mt('Section').': '.$tsection; - } - if ($role ne 'st') { $twhere.="
".&mt('Domain').":".$tdom; } - } elsif ($tdom) { - $ttype='Domain'; - $twhere=$tdom; - $sortkey=$role.$twhere; - } else { - $ttype='System'; - $twhere=&mt('system wide'); - $sortkey=$role.$twhere; - } - $roletext.=&build_roletext($trolecode,$tdom,$trest,$tstatus,$tryagain,$advanced,$tremark,$tbg,$tfont,$trole,$twhere,$tpstart,$tpend,$nochoose,$button,$switchserver); - $roletext{$envkey}=$roletext; - if (!$sortkey) {$sortkey=$twhere."\0".$envkey;} - $sortrole{$sortkey}=$envkey; - $roleclass{$envkey}=$ttype; - } + my $switcher_js = &Apache::lonmainmenu::gcitest_switcher_js($current,$numcourses); + $r->print(<<"ENDSCRIPT"); + +ENDSCRIPT + } + $r->print(&Apache::lonmenu::inlinemenu('gcicustom',$switcher). + &Apache::loncommon::end_page()); + return OK; + } else { + if ($env{'form.destinationurl'} eq '/adm/gci_info') { + delete($env{'form.destinationurl'}); } } if ($env{'user.adv'}) { - $r->print( - '